spring-cloudhashicorp-vaultspring-cloud-vault-configspring-vault

Spring vault does not use the new token after login


I am trying to read secrets from vault using Spring vault cloud. I use a service token type.

In my set-up the max_ttl is set to 1h and ttl to 10 minutes, so the token will be renewed at every 10 minutes till the max_ttl is reached. Once the max_ttl is reached, the token will be dropped/revoked and a new login is performed, receving a new token.

The issue is that when trying to read secrets, the old expired token is still used.

Any idea why this happens?

Using:

Vault audit logs: enter image description here


Solution

  • The issue does not reproduce anymore as we disable the use of the reactive org.springframework.vault.authentication.ReactiveLifecycleAwareSessionManager in favor of the "classic: one: org.springframework.vault.authentication.LifecycleAwareSessionManager.

    For disabling it, we set: spring.cloud.vault.reactive.enabled=false